Contents Users Guide Chapter 1 Chapter 2 Chapter 3 Chapter 4 Appendices Glossary

Annual Report 2005-06

Chapter 3 Protecting Privacy

3.1 Review of Performance
3.2 Responding to Enquiries
3.3 Responding to Complaints
3.4 Own Motion Investigations
- 3.4.1 Issues in Own Motion Investigations
- 3.4.2 Outcomes of Own Motion Investigations
3.5 Case Notes
3.6 Complaints and Enquiries Statistics on www.privacy.gov.au
3.7 Reports of Complaints under Approved Codes
- Table 3.8 Approved Codes under the Privacy Act
3.8 Audits
3.9 Personal Information Digest
3.10 Monitoring Government Comparisons of Data Sets

3.1 Review of Performance

The Privacy Commissioner protects the privacy of Australians through compliance activities that include offering a telephone enquiries service, resolving individual privacy complaints, conducting investigations and audits, and monitoring data-matching activities.

The Office's compliance focus in 2005-06 was on the resolution of individual complaints. The Office aims to resolve cases in ways which are fair, open and engender stakeholder confidence.

As mentioned earlier in this report, the Office is to receive an increase in funding of approximately $8.1m over four years. One of the first priorities will be to ensure that the Office's complaints handling systems and practices are working well and that individuals' complaints are handled in a timely and effective way. The additional funding will enable an improvement in turnaround times and the removal of the current backlog.

In addition to its work on individual complaints, the Office also assessed 90 incidents that may have indicated privacy breaches affecting individuals or systemic privacy breaches. Where indicated on the basis of a risk assessment, formal investigations or other actions, including providing advice, were instituted.

While, as noted above, the Office currently has a limited audit program, it did complete all audits planned under specific funding arrangements established by Memoranda of Understanding (MOUs) (see section 4.1). It also finalised arrangements to publish most audit reports on its website (see section 3.8).

3.2 Responding to Enquiries

3.2.1 Telephone Enquiries

The Office operates a cost of a local call telephone enquiry service (1300 363 992), which provides general advice about privacy issues and privacy law. It answered 19 150 telephone enquiries in 2005-06, 9% less than the 21 108 received in 2004-05. While there are calls from organisations or agencies seeking advice about how to comply with their obligations under the Privacy Act, most calls were from individuals seeking advice about how to deal with possible interferences with their privacy.

Table 3.1 below shows a break-down of issues that calls were received about during 2005-06.

Table 3.1 Telephone Enquiries

Issue
Credit Reporting	1279
Data-matching	30
Information Privacy Principles	905
Spent Convictions	190
Tax File Numbers	49
Privacy General	3612
Privacy Issues Outside Jurisdiction	689
Sub-total	6754
Private Sector Provisions
NPP 1 - Collection	1439
NPP 2 - Use and Disclosure	3804
NPP 3 - Data Quality	180
NPP 4 - Data Security	625
NPP 5 - Openness	153
NPP 6 - Access and Correction	1408
NPP 7 - Identifiers	23
NPP 8 - Anonymity	7
NPP 9 - Transborder Data Flows	90
NPP 10 - Sensitive Information	47
NPP Exemptions	2000
Private Sector Provisions (General)	571
Sub-total	10 347
Unrelated to Privacy	2049
TOTAL	19 150

Of the total calls received most related to the National Privacy Principles (54%). Of these, use and disclosure of personal information was the area of greatest concern (37%) with 2701 of these being about inappropriate disclosures of personal information. Other categories of concern were collection of personal information (14%) and access to and correction of personal information (14%).

Callers were also concerned about issues relating to the private sector that did not fall within jurisdiction. Of the 2000 enquiries received in this category, employment matters rated highly (43%) as did the practices of small business operators (21%).

Chart 3.1 below distributes telephone enquiries by industry sector.

Chart 3.1 Industry Sectors to which Telephone Enquiries relate 2005-06

A sample of calls received appears below.

A caller rang distressed because a finance company had rung the caller's nominated contact person and disclosed details about his loan. The caller thought this was unnecessary because the loan was only in arrears by 14 days, the finance company had his address and phone number and he had previously left a message for the finance company to ring him.
A representative of a small charity, previously unaware that it would need to comply with the Privacy Act because of its marketing activities, rang to clarify its obligations. The charity stated that it had been given a marketing list by another charity and that this was common practice in the industry.
A number of callers advised that their doctor's landlord had changed the locks of the doctor's surgery because of nonpayment of rent for the premises. The landlord had assumed control of all the medical records of the patients and was charging a fee of $55 an hour to access their medical files.
A caller watched a TV program on identity theft and became concerned about an incident that had occurred some time previously. As he was leaving a restaurant he had received a phone call offering him a credit card. He had provided personal information over the phone including where he worked, how much he earned, his name, address and phone number and his driver's licence number, but subsequently did not hear anything from the company. When he rang the company's advertised number he was told that there was no record of any contact with him.

3.2.2 Written Enquiries

In addition to enquiries received via the telephone enquiry service, the Office received 2316 written enquiries by email, post and facsimile. This is an 11% increase on the 2094 reported in 2004-05. Of the written enquiries received this year, 1441 or 62% were specifically about the operation of the private sector provisions.

3.3 Responding to Complaints

The Privacy Commissioner may accept complaints from individuals about acts or practices that may be an interference with their privacy. This can include complaints about:

how personal information is handled by Australian and ACT Government agencies under the IPPs
how personal information is held by all large private sector organisations, all private sector health service providers and some small businesses under the NPPs
credit worthiness information held by credit reporting agencies and credit providers
personal tax file numbers used by individuals and organisations
matters under related legislation including under the Crimes Act 1914 regulating the handling of information about old minor convictions and the Data-matching Program (Assistance and Tax) Act 1990 regulating the conduct of Australian Government data-matching programs.

3.3.1 Complaints received during 2005-06

In 2005-06 the Office received a total of 1183 complaints across all areas of its jurisdiction (1275 were received in 2004-05).

The nature of complaints varied considerably. Some examples are listed below:

a complainant alleged that a medical specialist sent correspondence to a work address after specifically being requested not to, had also inappropriately discussed the matter with the complainant's GP, and had denied the complainant access to the document without giving a reason
a company which maintained a database of information about tenants as a risk management tool for the housing sector, listed inaccurate information on the database, affecting the complainant's ability to obtain housing
a complainant alleged that a financial institution disclosed personal information to the complainant's ex-spouse, with significant emotional and financial consequences
a complainant disputed a default listing made to a credit reporting agency on the grounds that notice had not first been given that a listing might be made, and that no action had been taken to first recover the debt.

The spread of complaints received in relation to the various jurisdictions of the Privacy Act is set out in Chart 3.2 below. Complaints relating to the private sector in relation to possible breaches of the NPPs continue to dominate.

Chart 3.2 Percentage of Complaints received by Privacy Act Jurisdiction

The matters most frequently raised in complaints as a percentage of total complaints received is set out in Chart 3.3 below. Percentages exceed 100 due to complaints containing more than one issue.

Chart 3.3 Percentage of Complaints received by Key Issue

Chart 3.4 sets out the number of complaints received by sector (for the twelve sectors regarding which most complaints are made).

Chart 3.4 Complaints received by Sector

3.3.2 Complaints closed during 2005-06

The Office closed 1131 complaints in 2005-06. This was 1% less than the 1144 complaints closed in 2004-05.

About 11% of matters were closed following a formal investigation and, where appropriate, through reaching a conciliated resolution to the matters that gave rise to the complaint. In other cases, matters were finalised after the Privacy Commissioner made preliminary enquiries which may have included a conciliation process or which revealed that there was an interference with privacy or that the matter was not within jurisdiction. In many cases the Privacy Commissioner declined the matter, for example because:

the complainant had not given the respondent a chance to resolve the matter as required by the Privacy Act or
the Commissioner did not have jurisdiction because the respondent was a state government body, or a small business excluded from the Privacy Act.

Table 3.2 below summarises the stage at which complaints were closed and the average time the Office took to finalise the complaint.

Table 3.2 Stage at which Complaints Closed

Stage at which complaint closed	Number of matters	Average time to finalise (months/years)
Formal investigations - s. 40(1)	124	1 year 6 months
Preliminary inquiries - s. 42	333	6 months
Declined to investigate - s. 41	674	1 month
Total	1131

The Office aims to finalise all complaints within 12 months of receipt. While it meets this target on the average duration for all complaints, formal investigations currently take longer than this due to the current complaint backlog.

3.3.2.1 Complaints closed following investigations

The Privacy Commissioner may investigate acts or practices that may be a breach of privacy and, if appropriate, endeavour to conciliate a resolution to the matters that gave rise to the complaint.

Following an investigation, and conciliation if appropriate, the Privacy Commissioner may decide not to investigate a matter further if satisfied that the matter has been adequately dealt with by the respondent or that there is no interference with privacy, or may decide to make a determination in relation to a complaint under s. 52.

In 2005-06 the Privacy Commissioner closed 124 or 11% of complaints following a formal investigation of the matters that gave rise to a complaint. Table 3.3 below sets out the grounds the Privacy Commissioner relied on to close these complaints. The matters mentioned here are greater than the total number of complaints closed as in some cases there is more than one ground for closing a matter. In about 50% of cases the Privacy Commissioner formed the view that the complaint was likely to be upheld and proceeded to conciliation.

The resolutions agreed between the parties in these cases include:

provision of access to records
correction of records
apologies
changes to systems
amounts of compensation ranging from less than $500 to $20 000.

There were no determinations made in 2005-06.

Table 3.3 Grounds for Declining to Investigate Complaints Further Following an Investigation

	NPPs	IPPs	Credit	Spent convictions	TFNs	Total
No interference with privacy - s. 41(1)(a)	30	9	10	0	0	49
Respondent has adequately dealt with matter - s. 41(2)(a)	42	8	21	1	1	73
Other (for example, withdrawn)	15	6	5	0	0	26
Total	87	23	36	1	1	148

3.3.2.2 Nature of remedies achieved by conciliation following investigation

Table 3.4 below sets out in more detail the outcomes of the complaints closed as adequately dealt with following a formal investigation and conciliation process. In reading the table it is important to note that the total does not necessarily equate to the total number of complaints as there may be more than one resolution for a particular complaint.

It is worth noting that financial compensation was a feature in 27% of the complaints closed following conciliation. These complaints represent 2.5% of the total complaints received in 2005-06.

Table 3.4 Nature of Remedies in Complaints Closed as Adequately Dealt With after Investigation

	NPPs	IPPS	Credit	TFNs	Spent Convictions.	Total
Record corrected	8	0	19	0	1	28
Apology	7	4	1	0	1	13
Changed procedure	7	3	3	0	0	13
Access provided	11	0	1	0	0	12
Other	6	5	0	0	0	11
Compensation - up to $500	3	1	2	1	1	8
Compensation - $501 - $2000	6	1	1	0	0	8
Compensation - $2001 - $20,000	5	0	3	0	0	8
Compensation - confidential settlement	2	1	2	0	0	5
Total	55	15	32	1	3	106

3.3.2.3 Complaints closed following preliminary enquiries

The Privacy Act provides for the Privacy Commissioner to conduct preliminary enquiries with the respondent or other parties to a complaint, to determine whether the Commissioner has the power to investigate or should exercise discretion not to investigate a matter further. Preliminary enquiries may seek to establish, for example, if:

an organisation may claim the small business operator exemption
an agency or organisation is willing to provide access to records or
a particular act or practice is authorised by law.

In 2005-06 the Privacy Commissioner closed 333 or 29% of complaints following preliminary enquiries. Table 3.5 below sets out the grounds the Privacy Commissioner relied on to close these complaints. Note that the figures are greater than total complaints closed because some cases are closed for more than one reason.

Table 3.5 Basis for Closing Complaints Following Preliminary Enquiries

	NPPs	IPPs	Credit	Other	TFNs	Total
40(1A) complaint not raised with respondent	11	1	3	2	0	17
41(1)(a) no interference with privacy*	113	16	14	4	1	148
41(1)(c) aware of complaint for over 12 months	3	0	0	0	1	4
41(1)(d) frivolous, vexatious, misconceived or lacking in substance	2	0	1	0	0	3
41(1)(e) is being dealt with under another law	0	2	0	0	0	2
41(1)(f) another law is more appropriate	0	1	0	0	0	1
41(2)(a) respondent has adequately dealt with matter	85	3	23	3	0	114
41(2)(b) respondent has not had adequate opportunity to deal with matter	9	1	5	1	0	16
Other (for example, withdrawn)	43	5	5	0	1	54
Total	266	29	51	10	3	359

* This includes matters that fall outside the Commissioner's jurisdiction, for example the respondent is a state government body.

In the course of conducting preliminary enquiries, the Privacy Commissioner may find that the respondent had adequately dealt with the matter, or may be able to conciliate a resolution to the matters that gave rise to the complaint. Table 3.6 below summarises the remedies achieved following preliminary enquiries.

It is worth noting that financial compensation was a feature in 11% of the complaints closed following conciliation. These complaints represent 1% of the total complaints received in 2005-06.

Table 3.6 Nature of Remedies in Complaints Closed as Adequately Dealt With after Preliminary Enquiries

	NPPs	IPPS	Credit	TFNs	Total
Access provided	47	0	1	0	48
Record corrected	18	0	16	0	34
Other	10	2	5	0	17
Apology	6	0	3	0	9
Changed procedures	6	0	1	0	7
Compensation - confidential settlement	4	1	0	1	6
Compensation - up to $500	5	0	0	0	5
Compensation - $501 - $2000	2	0	1	0	3
Total	98	3	27	1	129

3.3.2.4 Complaints closed without investigation

In 2005-06 the Privacy Commissioner closed 674 or 60% of complaints by exercising discretions not to investigate a matter. Table 3.7 below sets out the grounds the Privacy Commissioner relied on to close these complaints.

Notably, for all types of complaints, more were closed on the basis that there was no interference with privacy (s. 41(1)(a)) than for another reason. Complaints were also frequently closed on the basis that the complainant had not first raised the matter with the respondent (s. 40(1A)).

Other common grounds for closing a complaint were that the respondent had not yet had an adequate opportunity to consider the matter (s. 41(2)(b)) or the respondent had dealt adequately with the complaint (s. 41(2)(a)). In cases where the Office considered there was no interference with privacy

(s. 41(1)(a)), this may have been, in the case of IPP complaints, because the act or practice was authorised by law, or in the case of credit complaints, that the respondent followed the proper procedure before listing a default on an individual's consumer credit information file.

Table 3.7 Basis for Closing Complaints without Investigation

	NPPs	IPPs	Credit	Other	TFN	Spent Convictions.	Total
40(1A) complaint not raised with respondent	73	31	23	3	0	1	131
41(1)(a) no interference with privacy*	185	36	27	98	1	0	347
41(1)(c) aware of complaint for over 12 months	5	2	1	2	0	0	10
41(1)(d) frivolous, vexatious, misconceived or lacking in substance	10	6	2	5	0	0	23
41(1)(e) is being dealt with under another law	5	1	0	0	0	0	6
41(1)(f) another law is more appropriate	4	3	0	1	0	0	8
41(2)(a) respondent has adequately dealt with matter	22	1	5	0	0	0	28
41(2)(b) respondent has not had adequate opportunity to deal with matter	60	12	17	3	0	0	92
Other (for example, withdrawn)	19	3	5	2	0	0	29
Total	383	95	80	114	1	1	674

* This includes matters that fall outside the Commissioner's jurisdiction, for example the respondent is a state government body.

3.3.2.5 Compliance issues in NPP complaints

Chart 3.5 below sets out the issues raised in complaints against private sector organisations where the Commissioner found a compliance issue and, following conciliation, closed the matter as having been adequately dealt with. The issues raised most frequently relate to misuse, inappropriate disclosure or the provision of access.

Chart 3.5 NPP Complaints Resolved by the Respondent Following Investigation by the Office

3.3.2.6 Compliance issues in IPP complaints

Chart 3.6 below sets out the issues raised in complaints against Australian and ACT Government agencies where the respondent took action following preliminary enquiries or a formal investigation by the Office. It is important to note here that the number of complaints is quite small and therefore may not reliably indicate trends.

Chart 3.6 IPP Complaints Resolved by the Respondent Following Investigation by the Office

3.3.2.7 Compliance issues in Credit Reporting complaints

Chart 3.7 below sets out the issues in complaints against credit providers or credit reporting agencies where the respondent took action following preliminary enquiries or a formal investigation by the Office.

The most significant issue in these matters was where the individual concerned disputed the validity of a default listing on a consumer credit information file, for example because they had not been advised that a listing would be made, or the credit provider had not first tried to recover the amount outstanding. Where the Office confirmed that the listing had been made without following proper procedures the resolution generally involved removal of the default listing.

Chart 3.7 Credit Reporting Complaints Resolved by the Respondent Following Investigation by the Office

3.4 Own Motion Investigations

Section 40(2) of the Privacy Act allows the Commissioner to investigate a possible interference with privacy if the Commissioner thinks it desirable, without first receiving a complaint from an individual. The Office calls such investigations 'own motion' investigations.

3.4.1 Issues in Own Motion Investigations

During 2005-06 the Office became aware of 90 new matters that may have involved interferences with privacy. These matters were brought to the attention of the Office through incidents reported in the media, individuals calling the telephone enquiries line or writing to the Office about an issue of concern affecting either them or other people, and agencies or organisations 'self-reporting' breaches or advising of possible breaches by other organisations.

The Office decided on the basis of its risk assessment criteria to open formal investigations into 11 of these matters. In the majority of other cases where the Office decided not to investigate, it still made contact with the respondents to alert them to the issue and in some cases to recommend a course of action. The risk assessment criteria the Office uses in deciding whether to investigate include the:

sensitivity of the personal information involved
number of people affected and the consequences for those individuals
likelihood that the investigation will reveal acts or practices that involve systemic interferences with privacy and/or that are widespread
progress of an agency or organisation's own investigation into the matter
nature of any proposed resolution and
necessity for the Office to be satisfied that the investigation is complete and/or proposed resolutions are implemented.

The situations the Office investigated included:

information received suggesting that an organisation was publishing individuals' financial information on its website in an unsecured manner
information received suggesting that an organisation had disposed of records containing sensitive health information in an inappropriate and unsecured manner
information received suggesting that an organisation was collecting unnecessary personal information through an overseas contractor and that a service contract specifying how the information should be handled was not in place
information suggesting that a government agency had disclosed employee information for research purposes without consent and
information suggesting that a government agency had insufficient security controls around the authorised access to its databases by another government agency.

3.4.2 Outcomes of Own Motion Investigations

In the majority of cases investigated where the Commissioner found the allegations to be substantiated, the respondent dealt with the issues of concern, either on their own initiative or following the Office's suggestions. The action taken has included:

advice to people affected
apologies
retrieval and appropriate disposal of records
change in practice, for example greater website security
change in procedures.

3.5 Case Notes

The Commissioner regularly publishes case notes that describe, in de-identified form, the issues and outcomes in selected complaints. In providing this insight into how privacy principles are being applied the Commissioner aims to:

ensure the Office is accountable and transparent in its processes and decision making
assist the public to know if their personal information is being handled appropriately, or assist them to decide whether to pursue a complaint
provide a more certain and predictable environment for the development of policies and procedures and
encourage compliance with the Privacy Act and good privacy practice.

In 2005-06 the Office published 18 case notes about complaints under the NPPs, IPPs and other areas of the Privacy Act jurisdiction. This compares to 22 case notes published in the previous financial year.

The cases selected for publishing as case notes either:

demonstrate a new interpretation of the Privacy Act or associated legislation
illustrate systemic issues
illustrate the application of the law to a particular industry or
illustrate situations in which the Commissioner may decline to investigate complaints.

The case notes are accessible through a number of sources. They are published on the Office's website at www.privacy.gov.au/act/casenotes/index.html, in the CCH Federal Privacy Handbook, and on the Australasian Legal Information Institute (Austlii) website at www.austlii.edu.au.

3.6 Complaints and Enquiries Statistics on www.privacy.gov.au

In addition to the descriptions of specific complaints published as case notes the Commissioner also publishes statistical information giving an overview of complaints and enquiries to the Office. Monthly updates published on the website include:

the number of complaints, telephone and written enquiries received and
the number of NPP complaints closed according to issue type.

The statistics are available at www.privacy.gov.au/about/complaints/index.html.

3.7 Reports of Complaints under Approved Codes

The Privacy Act provides for organisations or groups of organisations to develop privacy codes that, if approved by the Commissioner, replace the NPPs as the legally enforceable privacy standards for those organisations. As at 30 June 2006 there are two approved codes, and these are listed in Table 3.8 below.

Table 3.8 Approved Codes under the Privacy Act

Name of Code	Code Adjudicator	Monitoring/Reporting Responsibility
Market and Social Research Privacy Code	Privacy Commissioner	Association of Market Research Organisations and the Privacy Commissioner
Queensland Club Industry Privacy Code	Privacy Commissioner	Clubs Queensland and the Privacy Commissioner

The General Insurance Information Privacy Code (the Insurance Code) was also in force during the reporting period, but was revoked in April 2006. The Insurance Code included an alternative complaint handling process, as permitted by the Privacy Act. This being the case, a report on the operation of the code and details of complaints finalised under the code must be provided to the Commissioner each year. The Office received a report on the operation of the Insurance Code from its Code Adjudicator, Insurance Ombudsman Service Ltd, covering the 2004-05 period.

There were seven privacy complaints received during that period. The Code Adjudicator reported compliance monitoring activities, including receiving reports on the nature of privacy complaints handled by code members and taking action following the identification of a systemic issue. In this case, the organisation was encouraged to improve training on the handling of privacy complaints.

3.8 Audits

The Privacy Commissioner has powers under the Privacy Act to conduct privacy audits of Australian and ACT Government agencies and some organisations in certain circumstances. Audits are a key method for determining and improving the extent of compliance with the Privacy Act. The focus for the Office in conducting audits is to bring about systemic change in the reduction of privacy risks and to promote best privacy practice.

The Commissioner's audit powers are set out in several sections of the Privacy Act:

auditing agency compliance with the Information Privacy Principles - s. 27(1)(h)
examining the records of the Commissioner of Taxation in relation to tax file numbers (TFNs) and TFN information - s. 28(1)(d)
auditing TFN recipients - s. 28(1)(e)
auditing credit information files and credit reports held by credit reporting agencies and credit providers - s. 28A(1)(g).

The Commissioner does not have an audit function in relation to compliance with the National Privacy Principles by private sector organisations, unless at the request of the organisation under section 27(3).

The number of audits carried out by the Office has varied over the life of the Privacy Act depending on the nature of privacy complaints and other priorities of the Office. In 2005-06 the Office only undertook audits where it had received specific funding to do so. This is consistent with the approach taken by the Office since 2002-03 when the Commissioner decided to redirect the Office's resources as a result of the significant increase in complaint numbers.

In an effort to promote transparency in the Office's audit work and to help promote good privacy practice, the Office has published the finalised reports of audits of Australian and ACT Government agencies undertaken since 1 July 2002 on its website (see www.privacy.gov.au/government/audits). Some audit reports have classified content and as such have been withheld from publication or have been published in an abridged form.

3.8.1 Audits Commenced in 2005-06

3.8.1.1 ACT Government Audits

The Office currently has a Memorandum of Understanding with the ACT Government (see section 4.1.3) which includes a commitment by the Office to conduct two audits of ACT Government agencies per financial year. The Office selects audit targets based on a risk assessment analysis which takes into account previous audits and audit findings, complaints against ACT Government agencies, the amount of personal information held by an agency and the sensitivity of and risk to that information.

Table 3.9 below shows audits of ACT Government agencies commenced by the Office in 2005-06 under this arrangement.

Table 3.9 ACT Audits Commenced 2005-06

Agency	Audit Scope	Commenced
ACT Office of the Community Advocate	Client Records	26 October 2005
ACT Department of Corrective Services	Staff and Client Records	21 February 2006

3.8.1.2 Biometrics for Border Control Audits

The Office has been allocated additional funding over four years (2005-06 to 2008-09) as a component of the Development of Biometrics for Border Control program involving the Department of Foreign Affairs and Trade (DFAT), the Australian Customs Service (Customs) and the Department of Immigration and Multicultural Affairs (DIMA). The broad objective of this program is to develop and implement biometric systems to enhance identity management at the border and to increase the efficiency of border processing. The Office has committed to undertake three audits per year of key projects in the Biometrics for Border Control program.

Table 3.10 below shows audits of Biometrics for Border Control projects commenced by the Office in 2005-06 under this funding.

Table 3.10 Biometrics for Border Control Audits Commenced 2005-06

Agency	Audit Scope	Commenced
DIMA	Identity Services Repository (System Design)	26 October 2005
DFAT	ePassport (Follow-up Audit)	14 March 2006

The Office had scheduled an audit of another DIMA project for 2005-06. However, as DIMA is not as advanced in the project development as anticipated this audit has been postponed until 2006-07.

3.8.1.3 Identity Security Audits

In 2005-06 the Office received funding to provide privacy advice and oversight in respect of projects to be delivered under the Australian Government's National Identity Security Strategy. As part of its oversight activity, the Office undertook an audit of the Document Verification Service Prototype convened by the Attorney-General's Department (AGD) which involves data exchange between Centrelink, DIMA, DFAT and a number of state agencies.

Table 3.11 below shows identity security audits commenced by the Office in 2005-06.

Table 3.11 Identity Security Audits Commenced 2005-06

Agency	Audit Scope	Commenced
AGD, Centrelink, DIMA, DFAT	Document Verification Service Prototype	1 June 2006

3.8.2 Audits Finalised in 2005-06

3.8.2.1 ACT Government Audits

In the reporting period, the Office finalised its privacy audits of the following ACT Government agencies:

Table 3.12 ACT Audits Finalised 2005-06

Agency	Audit Scope	Commenced
ACT Department of Disability, Housing and Community Services	Client Records and Bushfire Database	14 April 2004
ACT Department of Justice and Community Safety - Register General's Office	Client and Staff Records	20 January 2005
ACT Treasury	First Home Owners Grant: Client Records	1 February 2005

The Office generally found that the agencies had appropriate privacy controls in place to ensure a satisfactory level of compliance with the IPPs. However, the auditors made recommendations where insufficient privacy controls were identified or where better privacy practice could be instituted.

Common audit findings included:

lack of appropriate security controls for paper records, such as use of locked cabinets for storage of personal information and appropriate file tracking systems
lack of appropriate security controls for electronic records such as 'need-to-know' access controls and standardised screen locks
inadequate or sporadic staff training in privacy
provision of insufficient notice to individuals when collecting their personal information
unnecessary retention of personal information creating increased risk of inappropriate access to or use and disclosure of personal information.

The Office made recommendations to address these and other findings. Generally, the recommendations made were accepted by the agencies involved.

Final reports for audits of the ACT Department of Disability, Housing and Community Services and the ACT Department of Justice and Community Safety - Register General's Office are available from the Office's website (see www.privacy.gov.au/government/audits).

Following discussions with ACT Treasury, the Commissioner has agreed to withhold the audit report for the First Home Owners Grant on the grounds that the release of information regarding the process by which applications for first home owner grants are scrutinised may undermine investigations into fraudulent applications.

3.8.2.2 Biometrics for Border Control Audits

In the reporting period, the Office finalised the following Biometrics for Border Control audit:

Agency	Audit Scope	Commenced
Department of Foreign Affairs and Trade and the Australian Customs Service	ePassport and SmartGate Trials	4 April 2005

The Office made four recommendations in this audit relating to data security and notification. All four recommendations were accepted by DFAT and Customs. The audit report for this audit has been published on the Office's website (see www.privacy.gov.au/government/audits).

3.9 Personal Information Digest

Each year, the Commissioner compiles and publishes the Personal Information Digest (PID) containing descriptions of the types of personal information held by each Australian and ACT Government agency. To assist people to ascertain what personal information the Government holds, the Privacy Act requires agencies to maintain a record setting out:

the nature of records kept
the purpose for which they are kept
the categories of people the information is about
the period for which the records are kept
who has access to the records and
the steps a person must take to gain access to those records.

Agencies must provide these records to the Commissioner in June of each year. The Office published the PID for the period ending June 2005 on its website.

The ACT Department of Justice and Community Safety (JACS) compiled the ACT PID and the final documents were published on the websites of both JACS and this Office.

Both PIDs are available at www.privacy.gov.au/government/digest/index.html.

3.10 Monitoring Government Comparisons of Data Sets

Data-matching is a process by which large data sets of personal information from different sources are brought together and compared for the purpose of identifying discrepancies.

For example, Centrelink and the Australian Taxation Office (ATO) undertake regular data-matching to identify where individuals have provided different income information to Centrelink than to the ATO. Discrepancies are investigated and recovery action may be taken if it is established that the individual has under-declared their income to Centrelink or the ATO and has been paid an incorrect rate of income support or tax as a result.

Data-matching raises significant privacy issues as it involves analysing information about large numbers of people the vast majority of whom have done nothing wrong and are not under suspicion. The Office performs a number of functions designed to ensure that government agencies undertaking data-matching activities minimise the impact on individuals' privacy. The Commissioner has statutory responsibilities under the Data-matching Program (Assistance and Tax) Act 1990 (the Data-matching Act) and the Guidelines for the Conduct of the Data-matching Program (the statutory data-matching guidelines). The Commissioner also oversees the operation of the Guidelines for the Use of Data-matching in Commonwealth Administration (1998) which are voluntary guidelines developed to assist agencies in undertaking data-matching programs that are not subject to the Data-matching Act in a privacy sensitive manner.

3.10.1 Matching under the Data-matching Program (Assistance and Tax) Act 1990 and statutory data-matching guidelines

The Data-matching Act provides for the use of tax file numbers in data matching processes undertaken by a special unit within Centrelink (the data-matching agency) on behalf of Centrelink, the Department of Veterans' Affairs (DVA) and the Australian Taxation Office (ATO). The aim of the program is to detect overpayments, taxation non-compliance and the receipt of duplicate payments.

The Data-matching Act and the statutory data-matching guidelines specify the type of personal information that can be used, how the data can be processed and how the results can be used. They also require that individuals are provided with the opportunity to dispute or explain the match and require that individuals have avenues for redress.

The Data-matching Act makes the Commissioner responsible for monitoring the conduct of the statutory data-matching program. Section 3.10.1.1 outlines the inspection work undertaken by the Office for this purpose. Centrelink, the ATO and DVA are also required under the Data-matching Act to report to Parliament on the results of data-matching activities carried out under the Act. These reports are published separately by each agency.

3.10.1.1 Inspections

During 2005-06 the Office inspected Centrelink's handling of a sample of data-matching cases in three regions. The regions inspected were as follows:

Area Central and Northern Queensland, August 2005
Area North Central Victoria, April 2006
Area South East Victoria, April 2006.

One hundred cases were inspected at the Area Central and Northern Queensland Office in Townsville and 60 cases were inspected at both the Area North Central Victoria Office in Box Hill, Melbourne and Area South East Victoria Office in Mornington. At the completion of the inspections, a report was prepared and provided to Centrelink outlining the findings. The Office found that Centrelink's processes and procedures for statutory data-matching were largely compliant with the requirements of the Data-matching Act.

3.10.2 Matching under the Guidelines for the Use of Data-matching in Commonwealth Administration (the voluntary data-matching guidelines)

Many Australian government agencies, including Centrelink, ATO and DVA also carry out data-matching activities that are not subject to the Data-matching Act but operate under other laws which authorise the use and disclosure of personal information for this purpose. The Privacy Commissioner has issued voluntary data-matching guidelines to assist agencies in undertaking such data-matching activities with due regard for the privacy of the individuals whose personal information is matched.

The voluntary data-matching guidelines require that:

action against individuals is not taken solely on the basis of automated processes
that individuals identified have the opportunity to question the results
that programs are only initiated where justified and
that programs are monitored and evaluated regularly.

The guidelines also require agencies to prepare a description of the data-matching activity, called a program protocol, which should be provided to the Privacy Commissioner for comment prior to commencement and, once finalised, should be made publicly available.

In the last financial year, the Privacy Commissioner received a total of 19 program protocols regarding non-statutory data-matching for consideration. This is the same as the number received in 2004-05. As in previous years, most program protocols were received from the ATO. The ATO conducts a significant amount of data-matching as part of its taxation compliance initiatives. In the reporting period, protocols were also received from Centrelink and DVA. A brief summary of each protocol received in 2005-06 is provided in Table 3.13 below.

3.10.2.1 Proposals seeking exemption from compliance with the voluntary data-matching guidelines

Paragraph 26 of the voluntary data-matching guidelines allows agencies to seek exemption from compliance with certain aspects of the guidelines where the agency believes it to be in the public interest.

In 2005-06, the Office received five new requests for exemption from compliance with aspects of the voluntary data-matching guidelines.

The Commissioner approved a request from Centrelink for exemption from the publication and notification aspects of the data-matching guidelines in relation to a data-matching program aimed at the identification of identity fraud. The Commissioner accepted that publishing details of the data-matching program and providing notice to individuals identified through the matching process prior to investigation of the potential fraud may undermine that investigation.

The Office has also received four related requests from the ATO for an extension of the length of time for which information collected during the data-matching process can be retained. These requests are currently under consideration.

Details of the exemptions sought are included in the program descriptions provided in Table 3.13 below. The Office has also published full details of recently approved exemptions on the data-matching page of the Office's website at www.privacy.gov.au/act/datamatching/index.html. Exemptions granted to the publication and notification requirements are not included on the website.

Table 3.13 2005-06 Program Protocols produced under the Voluntary Data-matching Guidelines

Matching Agency	Source Agencies	Name of the Program Protocol	Description of the Program Protocol	Received Date
ATO	WorkCover NSW	WorkCover NSW Data Matching Protocol	Identification of non-compliance with registration, lodgement and payment obligations under taxation law. The ATO will match business names and addressed registered with WorkCover NSW with its own records. This may include personal information.	August 2005
ATO	Real Property Data	Matching Information from Real Property Data with information from the ATO Database	Identification of those individuals that may be completely outside of the tax system. Client education in the correct treatment, completion and assessment of their CGT obligations matching of transferee and transferor details of property title transactions held by Real Property Data with ATO data.	September 2005
ATO	PMI Mortgage Insurance Ltd GE Mortgage Insurance Company Propriety Limited trading as Genworth Financial St George Bank Limited Australia and New Zealand Banking Group Limited Westpac Banking Corporation Suncorp-Metway Limited	Low Doc Loans Data Matching	Identification of individuals who are under reporting their income levels to the ATO by matching income data held by financial institutions with income data held by the ATO.	September 2005
ATO	Office of Consumer and Business Affairs - South Australia.	Trades Compliance Project	Identification of trades people registered with the South Australian Office of Business and Consumer Affairs who may not be complying with their taxation obligations.	September 2005
ATO	Legal Profession Registering Authorities	Matching information from the Judiciary Lists and professional legal practitioner membership lists with information from the ATO database.	Identification of tax non-compliance amongst members of the legal profession. To facilitate analysis of the lodgement and payment compliance of taxpayers within the legal profession.	October 2005
ATO	WorkCover Queensland	WorkCover Queensland Data Matching Protocol	Identification of non-compliance with registration, lodgement and payment obligation under taxation law. The ATO will match business names and addressed registered with WorkCover Queensland with its own records. This may include personal information.	November 2005
ATO	All state and territory roads and traffic authorities	Luxury Vehicle Project	Identification of high wealth individuals who are failing to meet their taxation obligations by comparing the value of the assets they acquire, which indicate conspicuous wealth, against the ATO's holdings on taxpayer records. In this instance the indication of conspicuous wealth is the purchase or acquisition of a motor vehicle with a sale price or valuation of $70,000 or more.	February 2006
ATO	Link Market Services Ltd Computershare Ltd Australian Stock Exchange Ltd	Share Data Data Matching Project	Identification of income tax and GST non-compliance. The Commissioner is currently considering a request from the ATO for exemption from aspects of the voluntary guidelines relating to data retention in respect of this program.	March 2006
ATO	22 state and territory government revenue and fisheries agencies	Fishing Industry Project	Identification of taxation non-compliance of persons involved in the commercial fisheries industry. The Commissioner is currently considering a request from the ATO for exemption from aspects of the voluntary guidelines relating to data retention in respect of this program.	March 2006
ATO	Foreign Investment Review Board	Foreign Resident Data Matching Project	Identification of taxation non-compliance of foreign residents in Australia. The Commissioner is currently considering a request from the ATO for exemption from aspects of the voluntary guidelines relating to data retention in respect of this program.	March 2006
ATO	Queensland Residential Tenancies Authority NSW Office of Fair Trading Victorian Residential Tenancies Bond Authority	Residential Tenancies Authorities Data Matching Project	Identification of non-compliance in relation to CGT, rental income disclosures and the GST. The Commissioner is currently considering a request from the ATO for exemption from aspects of the voluntary guidelines relating to data retention in respect of this program.	March 2006
ATO	All state and territory maritime authorities and the Australian Maritime Safety Authority	Marine Vessels Program	Identification of high wealth individuals who are failing to meet their taxation obligations by comparing the value of the assets they acquire, which indicate conspicuous wealth, against the ATO's holdings on taxpayer records. In this instance the indication of conspicuous wealth is the purchase or acquisition of a luxury marine vessel.	June 2006
AUSTRAC	Australian Taxation Office and other agencies authorised under ss. 27 and 27A of the Financial Transaction Reports Act 1988	Autosearch Generic Protocol	This is a generic program protocol that describes the process by which agencies authorised under ss. 27 and 27A of the Financial Transaction Reports Act 1988 provide data to AUSTRAC to be matched against information from AUSTRAC's databases.	November 2005
Centrelink	Centrelink	Internal Fraud Program (details withheld)	The program is designed to identify fraudulent or otherwise inappropriate uses of Centrelink systems by Centrelink staff members. To maintain the integrity of the program, Centrelink has sought exemption from the publication and notification requirements under the guidelines. The Office is continuing to monitor the operation of this program.	June 2005 - carried over from 2004-05.
Centrelink	Australian Electoral Commission and the Health Insurance Commission	Marriage Like Relationships matching with AEC and HIC	Identification of marriage like relationships by matching Centrelink customers receiving Parenting Payment Single allowance with Australian Electoral Commission and Heath Insurance Commission records.	July 2005
Centrelink	Source agency withheld: protected information	Identity Matching Program (details withheld: protected information)	Identification of individuals who may be using false identities to claim Centrelink income benefits. The program is designed to match customer identity details with identity details held by the source agency. The data-matching program is a component of Centrelink's fraud prevention strategy. To maintain the integrity of the program, specific details regarding the source agency and matching process are not publicly available, with information relating to the program classified as protected.	March 2006
Centrelink	ATO	Matching information from the ATO's taxpayer records with information from Centrelink debt records	This is a continuation of a data-matching program conducted annually by Centrelink with ATO to allow Centrelink to identify, intercept and garnishee tax refunds paid to clients with a Social Security, Family Assistance or Student Assistance debt. Centrelink has previously been granted an exemption from the guidelines allowing tax returns to b

Office of the Privacy Commissioner

Publications

SPECIFIC PRIVACY INFORMATION FOR: